Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-8933
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Mana...
Dedecms Dedecms 5.7
7.2
CVSSv3
CVE-2023-27733
DedeCMS v5.7.106 exists to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.
Dedecms Dedecms 5.7.106
6.5
CVSSv3
CVE-2019-10014
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
Dedecms Dedecms 5.7
6.1
CVSSv3
CVE-2018-18782
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-10375
A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by malicious users to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpe...
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows malicious users to upload a webshell in HTM format.
Dedecms Dedecms 5.7
5.3
CVSSv3
CVE-2018-6881
EmpireCMS 6.6 allows remote malicious users to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
Dedecms Dedecms 5.7
Phome Empirecms 6.6
Phome Empirecms 7.0
Phome Empirecms 7.2
NA
CVE-2024-33749
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.
NA
CVE-2024-34959
DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.
NA
CVE-2024-28676
DedeCMS v5.7 exists to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »